theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The 'Create your Own Theme' feature processes untrusted user input to generate styling specifications, creating an indirect prompt injection surface (Category 8). (1) Ingestion points: User inputs for theme descriptions in the 'Create your Own Theme' section of SKILL.md. (2) Boundary markers: None present. (3) Capability inventory: The agent has the capability to modify artifact styling (colors and fonts). (4) Sanitization: No sanitization or validation of the input is specified.
- No Code (INFO): This skill contains no executable scripts or package manifests, significantly reducing the risk of technical exploits such as remote code execution or dependency poisoning.
Audit Metadata